OpenVPN: DNS and dnsmasq configuration

By | 02/22/2019

This is a follow-up to the OpenVPN: setting up OpenVPN Access Server and AWS VPC peering post, with a DNS settings example.

We have a domain that has to be resolved to its Public IP (of the AWS EC2 instance) when it is requested from the Internet, and to its Private IP when it is requested over a VPN connection.

To achieve this, you can use the dnsmasq service installed on the OpenVPN AS host.

Install it:

apt -y install dnsmasq

Create a /etc/dnsmasq.hosts file with the hardcoded Private IPs of the necessary services:

Next, update the /etc/dnsmasq.conf file and add the addn-hosts option so that it looks like this:

Restart the dnsmasq service:

root@openvpnas2:~# service dnsmasq restart

Check locally:

root@openvpnas2:~# dig @localhost +short


Now go to your OpenVPN’s admin page => VPN Settings and set the Have clients use specific DNS servers to Yes:

In the Primary DNS Server field, set the Private IP of the EC2 instance on which your OpenVPN server is running.

Restart your VPN connection on a workstation:

sudo openvpn --config vpnroot-client.ovpn
Fri Feb 22 16:53:58 2019 /usr/bin/ip link set dev tun0 up mtu 1500
Fri Feb 22 16:53:58 2019 /usr/bin/ip addr add dev tun0 broadcast
Fri Feb 22 16:53:58 2019 /etc/openvpn/update-resolv-conf tun0 1500 1553 init
dhcp-option DNS

Check local resolv.conf:

cat /etc/resolv.conf
Generated by resolvconf

Check DNS resolution:

dig +short

And any other name:

dig +short
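The two manual dig checks above, as an added example that is not part of the original post: a POSIX shell script that renders the dnsmasq.conf fragment with addn-hosts (plus listen-address and bind-interfaces, real dnsmasq options the post does not use) and checks that a name resolves to a private IP through the VPN and to a public IP from the Internet. All names and IPs in it are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post. Renders the dnsmasq config
# fragment and verifies split-horizon answers. All names/IPs are constructed.

# Fragment for /etc/dnsmasq.conf. addn-hosts is what the post adds; listen-address
# and bind-interfaces (added here) keep dnsmasq on loopback and the private IP
# that VPN clients are pointed at. On EC2 the public IP is NAT to that private IP,
# so also close port 53 in the security group to avoid running an open resolver.
render_dnsmasq_conf() {
  private_ip=$1
  hosts_file=${2:-/etc/dnsmasq.hosts}
  printf 'addn-hosts=%s\n' "$hosts_file"
  printf 'listen-address=127.0.0.1,%s\n' "$private_ip"
  printf 'bind-interfaces\n'
}

# RFC 1918 test: decides which side of the split a given answer belongs to.
is_private_ip() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Compare the answer seen through the VPN (dnsmasq) with one from a public
# resolver. Returns 0 only when VPN -> private IP and Internet -> public IP.
check_split_horizon() {
  name=$1; vpn_answer=$2; public_answer=$3
  if ! is_private_ip "$vpn_answer"; then
    printf 'FAIL %s: VPN resolver returned non-private %s\n' "$name" "$vpn_answer"
    return 1
  fi
  if is_private_ip "$public_answer"; then
    printf 'FAIL %s: public resolver leaked private %s\n' "$name" "$public_answer"
    return 1
  fi
  printf 'OK %s: vpn=%s public=%s\n' "$name" "$vpn_answer" "$public_answer"
}

# Live run from a VPN-connected workstation (needs network, so not run offline):
# dnsmasq at the server's private IP versus a public resolver.
live_check() {
  name=$1; vpn_dns=$2; public_dns=${3:-1.1.1.1}
  check_split_horizon "$name" "$(dig @"$vpn_dns" +short "$name" | head -n1)" \
    "$(dig @"$public_dns" +short "$name" | head -n1)"
}
```

Run `live_check app.example.com 10.0.1.10` from a connected client to get an OK/FAIL verdict instead of comparing two dig outputs by eye.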